Category FILE
Started On 2017-10-11 14:07:29
Completed On 2017-10-11 14:17:48
Duration 619 seconds
Cuckoo Version 1.2

Machine WindowsXPSP3
Label WindowsXPSP3
Manager VirtualBox
Started On 2017-10-11 14:07:29
Shutdown On 2017-10-11 14:17:47

File Details

File name achiang31_malware1.exe
File size 92160 bytes
File type PE32 executable (console) Intel 80386, for MS Windows
CRC32 02173FCE
MD5 2c5a02fb629869106b678d948df19025
SHA1 578c050bd7c2ab52576786d6fb7bdc8a473520e7
SHA256 2e43981121d725b45beddce7a43a36668103d2be7f95749ccc3716a8cc52668c
SHA512 0bb6d19df796d681bfaccd6c6c6e7e9bf72414ff040c97121d5a1461ab8d2fcfea768a47312049230e83e9fff78de185d60b5bd36b99c73e6ad5ca2db9c14653
Ssdeep 1536:feOmsWjcdWsMk6HX7/oc9jzsTJi3+ld2LHzwdcU+at7:feOJW7k6H7oc98rlMYcUFt7
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2017-09-29 14:39:12
Detection Rate: 36/64

Signatures

No signatures matched

Screenshots

Static Analysis

Sections

Imports

Strings

Dropped Files

achiang31_malware1.exe

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\DOCUME~1\cuckoo\LOCALS~1\Temp\achiang31_malware1.exe
Mutexes
  • eclipseddos
Registry Keys
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_CURRENT_USER\Software\Resilience Software
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
  • HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
  • ActiveComputerName

Processes

achiang31_malware1.exe PID: 1936, Parent PID: 1856

iexplore.exe PID: 1984, Parent PID: 1936

iexplore.exe PID: 176, Parent PID: 1984

Volatility

Nothing to display.